Matthew Dillon <[EMAIL PROTECTED]> writes: > So making DDB 'secure-level friendly' would be a useful thing > tgo do, I think. The idea is not to disable DDB, but to simply > limit the actions that can be performed within it if the securelevel > has been raised. The sysadmin would only be allowed to issue > passive commands, cont, and 'panic'. The sysadmin would not be > allowed to modify the running system. That's an excellent idea - it shouldn't be too hard to add a kernel option (say, DDB_RESTRICTED) and #ifndef the "dangerous" commands. DES (must... write... patches...) -- Dag-Erling Smorgrav - [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
- Re: Init(8) cannot decrease securelevel Bruce Evans
- Re: Init(8) cannot decrease securelevel Bruce Evans
- Re: Init(8) cannot decrease securelevel KATO Takenori
- Re: Init(8) cannot decrease securelevel Dag-Erling Smorgrav
- Re: Init(8) cannot decrease securelev... Matthew Dillon
- Re: Init(8) cannot decrease secu... Matthew D. Fuller
- Re: Init(8) cannot decrease ... Matthew Dillon
- Re: Init(8) cannot decre... Dag-Erling Smorgrav
- Re: Init(8) cannot decre... KATO Takenori
- Re: Init(8) cannot decrease secu... Greg Black
- Re: Init(8) cannot decrease ... Matthew Dillon
- Re: Init(8) cannot decre... KATO Takenori
- Re: Init(8) cannot decre... David Scheidt
- Re: Init(8) cannot decre... Peter Jeremy
- Re: Init(8) cannot decre... Nick Hibma
- Re: Init(8) cannot decre... Bill Fumerola
- Re: Init(8) cannot decre... Matthew Dillon
- Re: Init(8) cannot decre... Poul-Henning Kamp
